package com.trackray.module.poc;

import com.trackray.base.annotation.Plugin;
import com.trackray.base.annotation.Rule;
import com.trackray.base.bean.Result;
import com.trackray.base.bean.Task;
import com.trackray.base.bean.Vulnerable;
import com.trackray.base.plugin.AbstractPOC;
import com.trackray.module.inner.SgkSearch;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.Map;

/**
 * @author 浅蓝
 * @email blue@ixsec.org
 * @since 2019/6/24 14:18
 */
@Plugin(title = "信息泄露扫描")
@Rule
public class SgkExploit extends AbstractPOC {
    @Autowired
    private SgkSearch sgkSearch;

    @Override
    public void attack(Task task) {

        for (String s : task.getResult().getSenseInfo().getEmail()) {
            sgkSearch.getParam().put(SgkSearch.EMAIL,s);
            sgkSearch.setTask(task);
            Map<String, String> result = sgkSearch.executor().result();

            if (!result.isEmpty()){
                addVulnerable(
                        Vulnerable.builder()
                                .title("邮箱密码被泄漏过")
                                .level(Vulnerable.Level.HIGH.getLevel())
                                .type(Vulnerable.Type.INFO_LEAKAGE.getType())
                                .detail(result.toString())
                                .build()
                );
            }

        }

    }

    @Override
    public boolean check(Result result) {
        return !result.getSenseInfo().getEmail().isEmpty();
    }
}
